This was the reason the developer has added timestamps in the events, which when logged in Splunk would show the timestamps with ms info.

Hello, I would like to know if and how it is possible to find and put in a field the difference (in time: seconds, hours or minutes does not matter) between the first and the last event of a certain search.

With this parameter specified, any event coming before the first start event, or in between an end event and the start event that follows, is not part of any session and is therefore ignored - all sessions include exactly one start event.

Timestamp processing is a key step in event processing.

The timestamps in Splunk would still show it as Event A 10:00:21.000 Event B 10:00:21.000. So when I use transaction it would give me 0 as duration.

Event description and tags Actors, groups, users, entity and device identification Action types Predefined metrics Data access, login attempts, failures and authentication information Error details Actions, Account changes, system-wide changes and information state changes Transaction details (Understand the difference between logs & metrics.